CWE-862


Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

We have discovered 3,791,874 live websites that are affected by CWE-862.

Contact us to get more info







CVEs

  • Count - 1,233



CWE-862 usage by Country

United States1,396,606 websites


Germany422,702 websites
France224,977 websites
Italy158,035 websites
GB130,730 websites
Japan108,926 websites
Netherlands94,073 websites
Poland90,587 websites
Russia86,518 websites
Spain85,743 websites

CWE-862 usage by TLD

.com1,658,060 websites
.de197,752 websites
.org172,696 websites
.it123,922 websites
.co.uk96,858 websites
.nl94,367 websites
.net91,899 websites
.fr83,011 websites
.com.br79,663 websites
.pl74,129 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-862
DiscoveredCVEDescriptionWebsites
May, 2025CVE-2025-3527 EventON - WordPress Virtual Event Calendar Plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting14,760
May, 2025CVE-2025-31063 WordPress Wishlist <= 2.1.0 - Broken Access Control Vulnerability2
May, 2025CVE-2025-39482 WordPress Eventer - WordPress Event & Booking Manager Plugin plugin <= 3.9.6 - Broken Access Control vulnerability85
May, 2025CVE-2025-47563 WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability1,613
May, 2025CVE-2025-47564 WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability14,760
May, 2025CVE-2025-48079 WordPress ProfileGrid <= 5.9.5.1 - Broken Access Control Vulnerability793
May, 2025CVE-2025-48116 WordPress EventON <= 2.4.4 - Broken Access Control Vulnerability3,130
May, 2025CVE-2025-48138 WordPress BERTHA AI <= 1.12.11 - Broken Access Control Vulnerability17
May, 2025CVE-2025-4520 Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update363
May, 2025CVE-2025-24021 iTop doesn't have mass assignment of fields in the portal form16

The most widespread CVEs

List of the most common CVEs that are part of CWE-862
DiscoveredCVEDescriptionWebsites
Jun, 2024CVE-2024-34444 WordPress Slider Revolution plugin < 6.7.0 - Unauthenticated Broken Access Control vulnerability1,252,119
Jun, 2024CVE-2023-33922 WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability464,121
Jan, 2025CVE-2024-56276 WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerability286,404
Jun, 2024CVE-2023-35050 WordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerability271,441
Jun, 2024CVE-2023-47788 WordPress Jetpack plugin < 12.7 - Contributor+ Broken Access Control vulnerability259,965
Jan, 2025CVE-2025-24751 WordPress CoBlocks plugin <= 3.1.13 - Broken Access Control vulnerability232,360
Apr, 2025CVE-2025-3953 WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update129,434
Dec, 2024CVE-2024-11205 WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation125,843
Jun, 2024CVE-2023-28775 WordPress Yoast SEO Premium plugin <= 20.4 - Unauthenticated Zapier API Key Reset vulnerability121,076
Jun, 2024CVE-2023-39312 WordPress Avada theme <= 7.11.1 - Auth. Unrestricted Zip Extraction vulnerability111,341

Websites affected by CWE-862

Top websites that are affected by CWE-862. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*********.com United States**
**********.com United States***
********.com United States***
*****.net Singapore***
****.******.com Singapore***
*****.com United States***
**************.de Germany***
*********.com United States***
****.com United States***
*******.org United States***
See full domain list